20180319

On the off chance that your PC is lost or stolen, anybody with physical access to it can endeavor to get to the information on it regardless of whether they can't sign in with your account credentials. Basic documents can contain critical secrets, including financial balance points of interest, Social Security numbers, and other data that can possibly be utilized for wholesale fraud.

The best assurance against that sort of theft is to encrypt drives, particularly on mobile devices, with the goal that an assailant who accesses that drive can't read its contents.

All editions of Windows 10 support a feature called Device Encryption, which is available on devices that include a Trusted Platform Module (TPM) chip and support the InstantGo (Connected Standby) standard. To check whether your device supports this feature, go to Settings > System > About, and then scroll to the bottom of the page. If you see a Device Encryption heading like the one shown here, you’re in business:

In spite of the fact that the Device Encryption feature is on by default, the encryption only works if you sign in using a Microsoft account, which then acts as the encryption key.

On PCs running Windows 10 Pro, Enterprise, or Education editions, you have an additional security option called BitLocker Drive Encryption. To encrypt the system drive using BitLocker, the device must have a TPM chip, which means most modern Windows-based laptops designed for business use qualify.

Information

TPM (Trusted Platform Module) is a computer chip (microcontroller) that can securely store artifacts used to authenticate the platform (your PC or laptop). These artifacts can include passwords, certificates, or encryption keys.

BitLocker Drive Encryption is available for non–system drives, including external backup drives and removable media.

The BitLocker Drive Encryption can be turn on fron Control Panel > BitLocker Drive Encryption.

Use this BitLocker Drive Encryption page to manage encryption on system drives and fixed or removable data drives.

On any device you travel with, it’s crucial to encrypt the system drive so that your secrets remain safely locked away if your laptop is lost or stolen. You can also use BitLocker To Go to encrypt removable storage devices, such as USB flash drives.

You can only manage BitLocker To Go on a system running Windows 10 Pro, Enterprise, or Education. But after you encrypt a USB flash drive for the first time using a password, you can unlock that drive and use it on a system running any modern version of Windows, including Home editions.

In File Explorer, a removable drive encrypted with BitLocker To Go appears with a padlock icon. Type a password to unlock it, and use the options in that password box to decide whether you want that drive to automatically be unlocked when you sign in on the device to which it’s attached.

If you’re unable to start your system normally, you might be prompted to enter a recovery key. This is a 48-digit numeric value that serves as a backup for unlocking an encrypted drive. If you can’t access an encrypted drive and you can’t find the recovery key, that data is lost forever.

You are prompted to back up your recovery keys when you first turn on BitLocker for a given drive.

Note

Each drive has its own recovery key.

As below screenshoot shows, you have a choice of three backup options. (The first option will be slightly different on a device that’s joined to an Active Directory domain or Azure AD.)

For a PC you own and control, saving the BitLocker recovery key to your Microsoft account is the most convenient option and the fastest way to ensure that you can get back in business in the event of encryption problems. You can visit https://onedrive.com/recoverykey and sign in to see an online listing of encryption keys for all encrypted drives.

Did you find this tutorial helpful? Don’t forget to share your views with us.